add zammad to fw vm, add web-arm machine

hosts/fw.cloonar.com/modules/unbound.nix

@@ -2,9 +2,30 @@
 let
   cids = import ../modules/staticids.nix;
   domain = "ns.cloonar.com";
+
+  adblockLocalZones = pkgs.stdenv.mkDerivation {
+    name = "unbound-zones-adblock";
+
+    src = (pkgs.fetchFromGitHub {
+      owner = "StevenBlack";
+      repo = "hosts";
+      rev = "3.0.0";
+      sha256 = "01g6pc9s1ah2w1cbf6bvi424762hkbpbgja9585a0w99cq0n6bxv";
+    } + "/hosts");
+
+    phases = [ "installPhase" ];
+
+    installPhase = ''
+      ${pkgs.gawk}/bin/awk '{sub(/\r$/,"")} {sub(/^127\.0\.0\.1/,"0.0.0.0")} BEGIN { OFS = "" } NF == 2 && $1 == "0.0.0.0" { print "local-zone: \"", $2, "\" static"}' $src | tr '[:upper:]' '[:lower:]' | sort -u >  $out
+    '';
+
+  };
   cfg = {
     remote-control.control-enable = true;
     server = {
+      include = [
+        "\"${adblockLocalZones}\""
+      ];
       interface = [ "0.0.0.0" "::0" ];
       interface-automatic = "yes";
       access-control = [
@@ -32,7 +53,10 @@ let
         "\"deconz.cloonar.com IN A 10.42.97.22\""
         "\"snapcast.cloonar.com IN A 10.42.97.21\""
         "\"home-assistant.cloonar.com IN A 10.42.97.20\""
+        "\"web-02.cloonar.com IN A 10.42.97.5\""
+        "\"support.cloonar.com IN A 10.42.97.5\""
         "\"git.cloonar.com IN A 10.42.97.50\""
+        "\"sync.cloonar.com IN A 10.42.97.51\""
 
         "\"stage.wsw.at IN A 10.254.235.22\""
         "\"prod.wsw.at IN A 10.254.217.23\""
@@ -71,6 +95,8 @@ let
         "\"upgrade-staging.wienwohntbesser.at IN A 10.254.240.110\""
         "\"conf.wrwks.at IN A 10.254.240.105\""
 
+        "\"web.hilgenberg-gmbh.de IN A 91.107.197.169\""
+
         "\"deconz.cloonar.multimedia IN A 10.42.97.22\""
         "\"metz.cloonar.multimedia IN A 10.42.99.10\""
         # "\"ps5.cloonar.multimedia IN A 10.42.99.12\""
@@ -216,6 +242,7 @@ in {
     group = "unbound";
   };
 
+  services.resolved.enable = false;
 
   services.unbound = {
     enable = true;